How it Works & FAQs

What is the Threat Intelligence Solution?

Dynamic Threat Intelligence

Advanced Cyber Threat (ACT)®
An intelligence service that collects threat intelligence feeds from commercial vendors, sharing communities, and open sources, normalizes them, and delivers the result to RuleGATE.

High Performance Gateway

RuleGATE®
Gateway devices deployed at the enterprise network perimeter alert on or block traffic using security policies derived from threat intelligence. RuleGATE is sized to hold all of the relevant threat intelligence sources at once rather than a subset of them.

Visibility Dashboard

QuickTHREAT Analytics Manager®
Visualizes threat-intelligence-driven activity and correlates it to internal hosts as it happens, simplifying the identification of compromised systems even in the largest organizations.

What is threat intelligence?

"Knowledge about adversaries and their motivations, intentions, and methods." - iSIGHT Partners

Command and Control

Malware

Threat Actors

Threat intelligence in its most basic form is Indicators of Compromise (IoCs): an IP address associated with command-and-control infrastructure, a phishing domain name, or the URL path from which malware is downloaded.

Reporting and context relate these indicators to each other in a meaningful way: Who is behind this attack? What are they looking for? Why are they targeting me? That context lets organizations prioritize and defend against a changing threat landscape.

Commercial Intelligence

Industry & Community Intelligence

Threat Intelligence Platforms

Enterprise Security

How is threat intelligence being used today?

By requiring heavy integration everywhere.

The challenge of managing threat intelligence across the enterprise

Manually processing the data, reading the reports, and writing rules for each existing security device is time consuming. It is no wonder the most common complaint about threat intelligence is the inability to keep up with the data and act on it.

Challenges with this approach:

Operator Intensive

Inefficient Process

Complex Log Queries

Enforcement Limits

Overwhelming Datasets

Multiple Standards

How will Threat Intelligence provide better protection to my network?

By keeping up to date dynamically.

It is not enough to detect advanced threats once they are inside your network; by then it is too late. Centripetal turns cyber threat intelligence into protective action on the network. For many of the breaches reported in the news, cyber threat intelligence about the attacker's infrastructure was available in advance. By applying that intelligence at the perimeter, the activity can be blocked as it happens rather than investigated afterwards.

To keep up with the volume of intelligence, the exchange must happen dynamically, machine to machine. Machine Readable Threat Intelligence (MRTI) is published in a variety of formats and at a variety of update intervals. Automating the ingestion of that data lets analysts focus on the tasks that need human judgment.

Types of Threats:

State-Sponsored

Cyber Crime

Hacktivist

Newly Registered Domains

APTs

Malware

By addressing the large information challenges.

Approximately 3-5K malicious domains are registered every day

Every day approximately 130K new domains are registered, of which analysts estimate 3-5K are registered for malicious activity. Keeping up with that growing list by hand is a monumental task, but with threat intelligence feeds the data can be updated across the infrastructure in real time, dynamically protecting against these attack sources.

Organizations are already seeing results from feeds that deal specifically with newly registered domains. Blocking access to every domain less than one week old, by itself, requires approximately 1,000,000 domain name indicators (roughly 130K registrations a day times seven days), refreshed every night as new domains are registered. Because legitimate new sites fall into the same window, this category is worth rolling out in alert-only mode first, or with exceptions for known partners, before switching it to block. Blocking this network activity significantly reduces risk.

By leveraging the threat analyst community.

Thousands of analysts in your defense

Threat intelligence is currently produced by the work of thousands of cybersecurity analysts around the globe. From commercial to open source, IoCs (IP addresses, ports and protocols, domain names, URLs to malicious content) are reported together with their context.

IoC types supported:

IP Addresses

Domains

CIDRs

Hostnames

IP 5-Tuple

URLs/URIs
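As an added illustration (not code from Centripetal or the QuickThreat product), the following Python builds an indicator set covering each IoC type in the list above, plus the newly registered domain feed from the earlier section, and matches constructed gateway events against it, carrying each hit's feed source and context through to the result. Every feed entry, domain name and event is made up for the example (RFC 5737 documentation addresses), and the 5-tuple text format and the feed record layout are assumptions of the example rather than a format the page specifies. Each lookup costs a fixed number of dictionary probes no matter how many indicators are loaded, which is the property a gateway needs in order to hold millions of indicators at line rate.

```python
import ipaddress
from datetime import date, timedelta
from urllib.parse import urlsplit

# Constructed sample feed (RFC 5737 documentation addresses and made-up names,
# not real indicators); each entry carries the source and context the page describes.
SAMPLE_FEED = [
    {"type": "ip", "value": "203.0.113.10", "source": "community-c2", "context": "known C2 node"},
    {"type": "cidr", "value": "198.51.100.0/24", "source": "commercial", "context": "bulletproof hosting range"},
    {"type": "domain", "value": "bad-example.net", "source": "osint", "context": "phishing kit hosting"},
    {"type": "hostname", "value": "update7.bad-example.org", "source": "commercial", "context": "malware staging host"},
    {"type": "5tuple", "value": "tcp/any:any->203.0.113.77:4444", "source": "community-c2", "context": "beacon to C2 port"},
    {"type": "url", "value": "http://dl.bad-example.com/payload.exe", "source": "osint", "context": "dropper download"},
]
# Constructed newly-registered-domain feed as (domain, registration date), and the reference date.
SAMPLE_REGISTRATIONS = [("fresh-lure-example.com", date(2024, 3, 4)), ("old-brand-example.com", date(2023, 1, 15))]
TODAY = date(2024, 3, 6)

def nrd_indicators(registrations, today, max_age_days=7):
    """Emit a domain indicator for every registration no older than max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    return [{"type": "domain", "value": d, "source": "nrd", "context": f"registered {c.isoformat()}"}
            for d, c in registrations if c >= cutoff]

def parse_5tuple(text):
    """Assumed format 'proto/src_ip:src_port->dst_ip:dst_port', 'any' as wildcard (IPv4 only: ':' is the separator)."""
    proto, rest = text.split("/", 1)
    src, dst = rest.split("->", 1)
    return (proto,) + tuple(src.rsplit(":", 1)) + tuple(dst.rsplit(":", 1))

def normalize_url(url):
    """Lower-case scheme and host, keep path and query, drop the fragment, so feed and event URLs compare equal."""
    p = urlsplit(url.strip())
    return f"{p.scheme.lower()}://{(p.hostname or '').rstrip('.')}{p.path or '/'}" + (f"?{p.query}" if p.query else "")

class IndicatorSet:
    """Index for every IoC type above; each lookup is a fixed number of dict probes, independent of feed size."""
    def __init__(self):
        self.nets, self.domains, self.hostnames, self.tuples, self.urls = {}, {}, {}, {}, {}

    def add(self, ind):
        t, v = ind["type"], ind["value"].strip().lower()
        if t in ("ip", "cidr"):  # a single IP is just a /32 (or /128) network
            net = ipaddress.ip_network(v, strict=False)
            self.nets.setdefault(net.prefixlen, {})[str(net)] = ind  # one table per prefix length
        elif t in ("domain", "hostname"):
            getattr(self, t + "s")[v.rstrip(".")] = ind
        elif t == "5tuple":
            self.tuples[parse_5tuple(v)] = ind
        elif t == "url":
            self.urls[normalize_url(v)] = ind
        else:
            raise ValueError(f"unsupported indicator type: {t}")

    def match_ip(self, ip):
        # One probe per distinct prefix length present in the feed, never a scan over every CIDR.
        found = ((t, str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))) for plen, t in self.nets.items())
        return [t[n] for t, n in found if n in t]

    def match_name(self, name):
        labels = name.lower().rstrip(".").split(".")
        hits = [self.hostnames[n] for n in [".".join(labels)] if n in self.hostnames]  # hostname: exact only
        parents = [".".join(labels[i:]) for i in range(len(labels) - 1)]  # domain: name and parents below the TLD
        return hits + [self.domains[p] for p in parents if p in self.domains]

    def match_flow(self, proto, sip, sport, dip, dport):
        fields = (sip, str(sport), dip, str(dport))
        keys = [(proto.lower(),) + tuple("any" if (mask >> i) & 1 else fields[i] for i in range(4)) for mask in range(16)]
        return [self.tuples[k] for k in keys if k in self.tuples]  # 16 probes: every concrete/'any' combination

def evaluate(iset, event):
    """Return every indicator an event touches, each still carrying its feed source and context."""
    hits = iset.match_ip(event["src_ip"]) + iset.match_ip(event["dst_ip"])
    hits += iset.match_flow(event["proto"], event["src_ip"], event["src_port"], event["dst_ip"], event["dst_port"])
    if event.get("qname"):
        hits += iset.match_name(event["qname"])
    if event.get("url"):
        u = iset.urls.get(normalize_url(event["url"]))
        hits += ([u] if u else []) + iset.match_name(urlsplit(event["url"]).hostname or "")
    return hits

def build_indicator_set(feed=SAMPLE_FEED, registrations=SAMPLE_REGISTRATIONS, today=TODAY):
    iset = IndicatorSet()
    for ind in feed + nrd_indicators(registrations, today):
        iset.add(ind)
    return iset

# Constructed events as a perimeter gateway might see them (connection, DNS query, HTTP request).
SAMPLE_EVENTS = [
    {"proto": "tcp", "src_ip": "10.1.2.3", "src_port": 51000, "dst_ip": "203.0.113.77", "dst_port": 4444},
    {"proto": "udp", "src_ip": "10.1.2.3", "src_port": 53211, "dst_ip": "10.0.0.53", "dst_port": 53, "qname": "login.fresh-lure-example.com"},
    {"proto": "tcp", "src_ip": "10.1.2.9", "src_port": 40001, "dst_ip": "198.51.100.37", "dst_port": 80, "url": "HTTP://dl.bad-example.com/payload.exe"},
    {"proto": "tcp", "src_ip": "10.1.2.9", "src_port": 40002, "dst_ip": "192.0.2.80", "dst_port": 443},
]
```

Running `evaluate(build_indicator_set(), ev)` over `SAMPLE_EVENTS` flags the beacon to 203.0.113.77:4444 through the 5-tuple, the DNS query for a subdomain of the four-day-old registration through the domain indicator, and the HTTP download through both the hosting CIDR and the exact URL; the fourth event matches nothing. Hostname indicators match only the exact name, while domain indicators cover every subdomain, which is the distinction that lets one entry block an attacker's whole registrable domain.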

By closing the gap from discovery to protection.

Threat intelligence indicators are updated across QuickThreat® Gateways within seconds

As analysts publish reports, evaluate new malware, or track a threat actor's changing infrastructure, the resulting information is extremely valuable. Often the challenge lies in distributing it to the organizations that need to be aware of the threat. Here the time from discovery and sharing of threat intelligence to its application in the network's defense is reduced to seconds.

How is Threat Intelligence being used with existing security technologies?

Threat Intelligence Technology Strategy

Gartner provides a roadmap for a security strategy leveraging threat intelligence. In that strategy, products and services map to 3 key areas: Acquire, Aggregate, and Action.

3 Keys to a Threat Intelligence Strategy

Acquire - While Centripetal does not directly provide researched threat intelligence, the QuickThreat Platform connects organizations to over 40 sources of threat intelligence; Open Source, Community/Industry, and Commercial.

Action - Centripetal's Threat Intelligence Gateway was designed from the ground up to scale to the demands of even the largest network environments. A single appliance is capable of supporting networks and datacenters of all sizes, blocking malicious traffic at an unmatched scale.

What is a Threat Intelligence Gateway?

A dedicated platform that simplifies the collection, management, and action of threat intelligence in network defense.

How is this different than using threat intelligence in my current firewall?

Achieve unparalleled performance from a purpose built appliance.

QuickThreat Gateways handle 125x more indicators than the most powerful Next-Generation Firewall (NGFW) available

Current firewall devices combine several functions in a single device: perimeter defense, remote access (VPN), and application-layer inspection are all common functions of the traditional firewall. Running all of them in one appliance forces a performance tradeoff that reduces network throughput. In addition, firewalls that can consume threat intelligence are generally limited to 10-20K bi-directional rules (40K total), which caps the number of indicators they can enforce.

QuickThreat Gateways currently support over 5 million indicators at full network performance, up to 10 Gb/s in a single device, with no degradation at full capacity (5 million indicators against a 40K rule budget is the 125x figure above). Because capacity is not the constraint, valuable intelligence does not have to be aged out to make room for the latest indicators.

How is the QuickThreat® NPS different from a SIEM?

We provide real-time enforcement and enrich your SIEM.

QuickThreat sends events to the SIEM with applied threat intelligence context in real-time

QuickThreat Gateways output event logs to most SIEMs in Common Event Format (CEF), with the threat intelligence context attached at the moment of the event. This significantly reduces time to discovery, often from months to seconds, and helps overburdened security analysts prioritize their efforts, increasing the security effectiveness of the organization.
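To make the CEF enrichment concrete, here is an added example (not Centripetal's code; the vendor, product and version strings, the signature IDs and the per-type severities are placeholders chosen for the illustration, and the event and indicator values are constructed). It emits a gateway event as a CEF record that carries the matched indicator, its feed source and its context in standard CEF extension keys (`cs1`/`cs1Label`, `cs2`/`cs2Label`, `msg`, `request`), and parses the record back the way a SIEM receiver would. The constructed values deliberately contain `=`, `|` and a newline, because CEF escapes those differently in the header and in the extension, and a log line that breaks on them is exactly the kind that a SIEM parser silently drops.

```python
import re

# Illustrative header fields; the real gateway's vendor/product/version strings are not given on the page.
DEVICE = ("ExampleVendor", "ExampleTIG", "1.0")
# Illustrative severity per indicator type (CEF severity is an integer 0-10).
SEVERITY = {"5tuple": 9, "ip": 8, "url": 8, "domain": 7, "hostname": 7, "cidr": 6}

def _esc_header(value):
    # Header fields: escape backslash and the '|' field delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value):
    # Extension values: escape backslash and '=', encode newlines as the two characters '\n'; '|' is literal here.
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\r", "").replace("\n", "\\n")

def cef_line(vendor, product, version, sig_id, name, severity, ext):
    """Build one CEF record: CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value key=value ..."""
    header = "|".join(_esc_header(f) for f in (vendor, product, version, sig_id, name, severity))
    return f"CEF:0|{header}|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())

def gateway_event_to_cef(event, hit, action):
    """Enrich a gateway event with the matched indicator and emit it using standard CEF extension keys."""
    ext = {
        "rt": event["ts_ms"], "src": event["src_ip"], "spt": event["src_port"],
        "dst": event["dst_ip"], "dpt": event["dst_port"], "proto": event["proto"].upper(),
        "act": action,
        "cs1Label": "indicator", "cs1": hit["value"],  # custom string pairs carry the TI context
        "cs2Label": "tiSource", "cs2": hit["source"],
        "msg": hit["context"],
    }
    if event.get("url"):
        ext["request"] = event["url"]
    return cef_line(*DEVICE, f"ti-{hit['type']}", f"Threat intelligence match ({hit['type']})",
                    SEVERITY[hit["type"]], ext)

def parse_cef(line):
    """SIEM-side parse back into (header fields, extension dict), honouring both escaping rules."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    fields, cur, i = [], [], 4
    while i < len(line) and len(fields) < 7:  # the 7 header fields end at the 7th unescaped '|'
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    ext = {}
    for pair in re.split(r" (?=[A-Za-z0-9_]+=)", line[i:]):  # split only before an unescaped key=
        if pair:
            k, _, v = pair.partition("=")
            ext[k] = re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), v)
    return fields, ext

# Constructed event and matched indicator; the values deliberately contain '=', '|' and a newline.
SAMPLE_EVENT = {"ts_ms": 1709712000000, "proto": "tcp", "src_ip": "10.1.2.9", "src_port": 40001,
                "dst_ip": "198.51.100.37", "dst_port": 80, "url": "http://dl.bad-example.com/get?id=7|x"}
SAMPLE_HIT = {"type": "url", "value": "http://dl.bad-example.com/get?id=7|x", "source": "osint",
              "context": "dropper download\nfirst seen 2024-03-05"}

def demo():
    """Emit the enriched record for the sample event and parse it back; returns (line, fields, ext)."""
    line = gateway_event_to_cef(SAMPLE_EVENT, SAMPLE_HIT, "block")
    fields, ext = parse_cef(line)
    return line, fields, ext
```

`demo()` produces a single line beginning `CEF:0|ExampleVendor|ExampleTIG|1.0|ti-url|Threat intelligence match (url)|8|` with the `=` inside the URL written as `\=` and the newline in the context written as `\n`, and `parse_cef` recovers the original values. When wiring a real gateway to a SIEM, confirm the receiver's CEF parser applies the same two escaping rules; a parser that splits the extension on every `=` will truncate indicator values such as URLs with query strings.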

Is the QuickThreat® NPS difficult to install and get running?

No. It's a one day deployment.

Security Stack Integration

Flexible Configurations

Standard Rack Installation

Network deployments typically take only a single day to install, configure, and begin analyzing traffic. QuickThreat Gateways are most effective when installed on each Internet-facing link, outside the firewall security stack. Because of their throughput, one or two devices can often cover an entire datacenter or corporate headquarters. Additional deployment use cases are available; please contact us for more information.

Where does the QuickThreat® Gateway deploy in the network?

Between the Internet edge router and the firewall security stack, so the gateway sees and filters traffic before it reaches the rest of the perimeter.